Method for configuring access rights, control point, device and communication system

ABSTRACT

In a method for configuring access rights, a UPnP (Universal Plug and Play) device receives CPID information sent by a first CP without administrator rights, wherein the CPID information comprises an ID of another CP obtained by the first CP. Then the UPnP device sends a CPID list that carries the CPID information to a second CP with administrator rights. And the UPnP device receives a CP right configuration command sent by the second CP, and configures access rights for at least one CP corresponding to a CPID in the CPID list.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.13/248,897, filed on Sep. 29, 2011, which is a continuation ofInternational Application No. PCT/CN2009/076097, filed on Dec. 26, 2009.The International Application claims priority to Chinese PatentApplication No. 200910081961.9, filed on Apr. 9, 2009. Theafore-mentioned patent applications are hereby incorporated by referencein their entireties.

FIELD OF THE INVENTION

The present invention relates to network communication technologies, andin particular, to a method for configuring access rights, a ControlPoint (CP), a device, and a communication system.

BACKGROUND

Universal Plug and Play (UPnP) enables communication and resourcesharing between home network devices in a digital home network. The UPnPnetwork based on the UPnP technology is a network architecture designedto set up a Peer to Peer (P2P) network between home network devices. Ina UPnP device system, the user interacts with a CP in the UPnP tocontrol the home network devices. By invoking relevant applications, theCP reads the state and control information of each UPnP device in thehome network through certain media based on the UPnP protocol, performsrelevant processing to generate user interface data, and presents theuser interface data to the user through graphics, texts or multimedia.

A UPnP network may include multiple CPs. The UPnP technology provides asecurity service which enables multiple CPs to perform security controlfor all UPnP devices in the network. Through the security service,different levels of access rights are configured for the CPs, thusensuring communication security between UPnP devices in the network. Inorder to configure access rights for multiple CPs in the networkrespectively, it is necessary to obtain the ID information of each CP inthe network. In the prior art, a dedicated apparatus (namely, console)is deployed in the UPnP network to obtain the ID information of each CPin the network. The access rights for all CPs are deployed in acentralized way, and therefore, access rights are configured for each CPrespectively.

In the process of developing the present invention, the inventor findsthat the prior art uses a dedicated apparatus (namely, console) toobtain ID information of each CP in the network and configure the accessrights of each CP; and the construction of a UPnP network involves atleast three types of apparatuses: console, CP, and UPnP device. Thenetwork construction in the prior art is rather complicated.

SUMMARY

The embodiments of the present invention provide a method forconfiguring access rights, a CP, a device, and a communication system tosimplify networking at time of configuring access rights of CPs.

A method configuring access rights in an embodiment of the presentinvention includes:

receiving Control Point Identifier (CPID) information sent by a firstControl Point (CP) without administrator rights, wherein the CPIDinformation comprises an identifier (ID) of the first CP and/or an IDsof another CP obtained by the first CP;

sending a CPID list that comprises the CPID information to a second CPwith administrator rights; and

receiving a CP right configuration command sent by the second CP, andconfiguring access rights for CPs corresponding to CPIDs in the CPIDlist.

A device provided in an embodiment of the present invention includes:

a CPID information receiving module, adapted to receive CPID informationsent by a first Control Point (CP) without administrator rights, whereinthe CPID information comprises an identifier (ID) of the first CP and/oran ID of another CP obtained by the first CP;

a CPID information sending module, adapted to send a CPID list thatcomprises the CPID information to a second CP with administrator rights;and

a right configuring module, adapted to: receive a CP right configurationcommand sent by the second CP, and configure access rights for CPscorresponding to CPIDs in the CPID list.

A CP provided in an embodiment of the present invention includes:

a CPID information sending module, adapted to send CPID information to adevice, wherein the CPID information comprises an identifier (ID) ofthis CP and/or an ID obtained from another CP;

a CPID information obtaining module, adapted to obtain a CPID list thatcomprises CPID information from the device; and

a CP right configuring module, adapted to send a CP right configurationcommand to the device, wherein the command instructs the device toconfigure access rights for CPs corresponding to CPIDs in the CPID list.

A communication system provided in an embodiment of the presentinvention includes: a first CP without administrator rights, a second CPwith administrator rights, and a device.

The first CP is adapted to send CPID information to the device, wherethe CPID information includes an ID of the first CP and/or an ID ofanother CP obtained by the first CP.

The second CP is adapted to: obtain a CPID list that carries the CPIDinformation from the device, and send a CP right configuration commandto the device, where the command instructs the device to configureaccess rights for CPs corresponding to CPIDs in the CPID list.

The device is adapted to: receive the CPID information sent by the firstCP, send the CPID list that carries the CPID information to the secondCP, and configure access rights for the CPs in the CPID list afterreceiving a CP right configuration command sent by the second CP.

In the method for configuring access rights, CP, device andcommunication system provided in the embodiments of the presentinvention, any CP can play the role of configuring access rights forother CPs in the network. Therefore, in the process of constructing thenetwork, it is not necessary to deploy a dedicated apparatus forconfiguration and management. The information about all CPs in thenetwork can be obtained through only two types of apparatuses, namely,CP and device. According to the obtained CP information, the accessrights of other CPs are configured and managed, thus simplifying thenetworking.

BRIEF DESCRIPTION OF THE DRAWINGS

To make the technical solution in the present invention clearer, thefollowing outlines the accompanying drawings for illustrating theembodiments of the present invention. Apparently, the accompanyingdrawings outlined below are for the exemplary purpose only, and personsof ordinary skill in the art can derive other drawings from suchaccompanying drawings without creative effort.

FIG. 1 is a flowchart of a method for configuring access rights in thefirst embodiment of the present invention;

FIG. 2 shows signaling interaction of a method for configuring accessrights in the second embodiment of the present invention;

FIG. 3A and FIG. 3B show signaling interaction of a method forconfiguring access rights in the third embodiment of the presentinvention;

FIG. 4 shows signaling interaction of a method for configuring accessrights in the fourth embodiment of the present invention;

FIG. 5 shows a structure of a device provided in the fifth embodiment ofthe present invention;

FIG. 6 shows a structure of a CP provided in the sixth embodiment of thepresent invention; and

FIG. 7 shows a structure of a communication system provided in theseventh embodiment of the present invention.

DETAILED DESCRIPTION OF THE EMBODIMENTS

The following detailed description is directed to the technical solutionin the embodiments of the present invention with reference to theaccompanying drawings. However, the embodiments to be described are onlya part of, rather than all of, the embodiments of the present invention.Additionally, all other embodiments, which can be derived by thoseskilled in the art from the embodiments given herein without anycreative efforts, fall within the scope of the present invention.

FIG. 1 is a flowchart of a method for configuring access rights in thefirst embodiment of the present invention. The entity that implementsthe steps of this embodiment is a device in the UPnP network. Thisembodiment describes the method for obtaining CP information from theperspective of the UPnP device. As shown in FIG. 1, the method forconfiguring access rights in this embodiment includes the followingsteps:

Step 11: Receive CPID (Control Point Identifier) information sent by afirst CP without administrator rights.

The CPID information includes the ID of the first CP and/or the IDs ofother CPs obtained by the first CP. An ID may be a CP public key, a hashvalue of the CP public key, or other information for identifying the CP.

Step 12: Send a CPID list that carries the CPID information to a secondCP with administrator rights.

All CPs in the network in this embodiment are apparatuses of the sametype. Any CP may send its ID and/or IDs of other CPs obtained by itselfto the UPnP device; and any CP can obtain the CPID list that carries theobtained CPIDs from the UPnP device. In this way, any CP in the networkcan be configured to have administrator rights or have no administratorrights as required. The CP with administrator rights refers to a CPentitled to manage or control UPnP devices, or entitled to allocateaccess rights to other CPs. In step 11 and step 12, the CP withadministrator rights is the second CP in this embodiment, and the CPwith no administrator rights is the first CP in this embodiment; and thesecond CP with administrator rights can configure access rights for thefirst CP without administrator rights in the CPID list according to theCPID list obtained from the UPnP device.

Step 13: Receive a CP right configuration command sent by the second CP,and configure access rights for CPs in the CPID list.

The second CP with administrator rights sends a right configurationcommand to the UPnP device. The right configuration command may carrythe ID information of the CP requiring configuration of access rights,and the access rights of the corresponding CP. The access rights may beused by the UPnP device to exercise access control on a command from thecorresponding CP, for example, authenticate the command from thecorresponding CP. After the command from the CP passes theauthentication, the UPnP device executes the command; otherwise, theUPnP device forbids access from the CP. To facilitate the UPnP device toobtain the CPID and facilitate any CP to obtain IDs of other CPs, theUPnP device does not perform security authentication for the CPIDobtaining command sent by the first CP to the UPnP device or for theCPID obtaining command sent by the second CP to the UPnP device, butstores the obtained CPID information onto the UPnP device or submits thestored CPID information to the CR

In the networking process of configuring access rights of the CP in thisembodiment, it is not necessary to deploy any dedicated apparatus forconfiguration and management. The information about all CPs in thenetwork can be obtained through only two types of apparatuses (namely,CP and UPnP device), thus simplifying the networking. In practice, anyCP may be set as a second CP that holds administrator rights asrequired, and the second CP configures access rights for other CPs. Ifthe second CP fails, another CP in the network may be set as a CP thatholds administrator rights, without changing the existing deploymentconditions of the network; and this CP configures access rights forother CPs. Therefore, networking flexibility is improved significantly,and the network security is enhanced.

FIG. 2 shows signaling interaction of a method for configuring accessrights in the second embodiment of the present invention. Theapplication scenario of this embodiment is: The UPnP network includesone UPnP device (device 1) and two CPs (CP1 and CP2); CP1 holds noadministrator rights, and CP2 holds administrator rights. It is assumedthat the UPnP device (device 1) and CP1 are started first. As shown inFIG. 2, the method for configuring access rights in this embodimentincludes the following steps:

Step 21: Through a UPnP discovery mechanism, CP1 discovers a startedUPnP device (device 1) in the current network and obtains descriptioninformation of device 1.

When a UPnP device is added to the network or a UPnP device starts up,the UPnP device announces its services to the CPs in the network basedon a UPnP discovery protocol such as Simple Service Discovery Protocol(SSDP). Also, at the time of adding the current CP into the network orstarting the CP, the UPnP discovery protocol enables the current CP tosearch the network for the desired UPnP device. In both circumstancesabove, the UPnP device broadcasts or multicasts the description document(or URL of the description document) of the UPnP device, and the currentCP can obtain the description document of the corresponding device. Thedescription document may be a device description document. The devicedescription document may include device name, manufacturer name, and aUniform Resource Locator (URL) for recording the service descriptiondocument on the UPnP device. The CP may access the URL address to obtainthe service description document of the UPnP device. The servicedescription document may include parameters or variables (which may bestatus variables), and action commands.

For example, CP1 obtains device description information of the device.The device description information includes the URL for recording theservice description document on the device. CP1 accesses the URL addressto obtain the service description information of the device. The servicedescription information records the service capabilities of the firstUPnP device.

Step 22: CP1 adds its ID information in device 1.

In this step, CP1 does not need to have special rights such asadministrator rights; and device 1 does not need to authenticate theaccess rights of CP1 when performing the corresponding operations ofthis step. In practice, a new command may be added to any servicedescription in the service description document of device 1. Device 1executes this command to store the received CPID information; or, a newURL is added to the device description document/service descriptiondocument. The CPID information is written by the CP1 to the addressidentified by the URL. Through an event, device 1 may notify the storedcontent of the CPID list to all CPs in the network. The foregoing twomethods are described below.

(1) A new command is added to any service description of the servicedescription document of the UPnP device, and the UPnP device executesthe command to store the received CPID information.

Here is an example: A new action command WriteCPID( ) is added to thedescription of the protection service of the service descriptiondocument of the UPnP device. The action command WriteCPID( ) includesCPID information.

TABLE 1 Parameters of an added action command WriteCPID( ) in aprotection service Parameter name Direction Remarks Identity Inputparameter CPID

As shown in Table 1, the added action command WriteCPID( ) in theprotection service description is an instruction of adding CPIDinformation, and “Identity” is a CPID list parameter, which may includeone or more CPIDs. CP1 sends an action command WriteCPID( ) to device 1.After receiving the action command WriteCPID( ), device 1 does not needto authenticate the WriteCPID( ), but executes it directly. If no CP1 IDinformation is stored on device 1, device 1 stores the CPID information.In this case, device 1 does not allocate rights to the CP.

(2) A new URL for storing CPID information is added to the devicedescription document/service description document, and the CP1 writesthe ID information of CP1 to an address identified by the URL.

Here is an example: Address description CPIDURL is added to a devicedescription document or service description document. The addressdescription indicates the URL for storing the CPID information on theUPnP device, for example, <CPIDURL>URL for CP ID</CPIDURL>.

CP1 sends an HTTP PUT message to device 1. The HTTP PUT message carriesCPID information and CPIDURL for storing the CPID information. Afterreceiving the message, device 1 stores the CPID information according toCPIDURL on device 1. In this case, device 1 does not allocate rights tothe CP. The CPID information may be a hash value of the CP public key(for example, calculated out through a hash algorithm), a CP public key,or another ID that differentiates between CPs. For ease of memorization,information such as a CP name may be added to the CPID.

Step 23: It is assumed that CP2 is started.

Step 24: Through a UPnP discovery mechanism, CP2 discovers a startedUPnP device (device 1) in the current network and obtains descriptioninformation of device 1. This step is similar to step 21.

Step 25: CP2 adds its ID information in device 1. This step is similarto step 22.

Step 26: From device 1, CP2 obtains the CPID information received ondevice 1.

In this step, a new command may be added to any service description inthe service description document of device 1. Device 1 executes thiscommand to read the obtained CPID information on device 1; or, a new URLfor storing CPID information is added to the device descriptiondocument/service description document, and CP1 ID information is readfrom the corresponding address identified by the URL; or, through anevent, CP2 obtains the CPID list that includes the received CPIDinformation on device 1, where the list is sent by device 1. The firsttwo methods are described below.

(1) A new command is added to any service description of the servicedescription document of the UPnP device, and the UPnP device executesthe command to read the obtained CPID information on the UPnP device.

Here is an example: An action command ReadCPID( ) is added to protectionservice description in the device service description document.

TABLE 2 Parameters of an added action command ReadCPID( ) in aprotection service Parameter name Direction Remarks Identity Outputparameter CPID

As shown in Table 2, the added action command ReadCPID( ) in theprotection service description instructs the UPnP device to readobtained CPID information on the UPnP device, and “Identity” is a CPIDlist parameter, which may include 0, 1 or multiple stored CPIDs. CP2sends an action command ReadCPID( ) to device 1. After receiving theaction command ReadCPID( ), device 1 does not need to authenticate theaction command ReadCPID( ), but executes the action command ReadCPID( ),and sends a CPID list that carries CPID information obtained by device 1to CP2.

(2) A new URL description is added to the device descriptiondocument/service description document to indicate the address forstoring CPID information on the UPnP device.

Here is an example: Address description CPIDURL, is added to a devicedescription document or service description document. The addressdescription indicates the URL for storing the CPID information on theUPnP device, for example, <CPIDURL>URL for CP ID</CPIDURL>.

CP2 sends an HTTP GET message that carries CPIDURL to device 1. Afterreceiving the message, device 1 obtains the CPID list from the addresscorresponding to CPIDURL, and sends the CPID list to CP2.

In this embodiment, CP2 holds the administrator rights. In fact, CP2 canperform such an operation no matter whether CP2 holds the administratorrights or not, and device 1 does not need to authenticate the accessrights of CP2 for such an operation.

CP1 may obtain ID information of CP2 from device 1 in a similar way (notillustrated in FIG. 2).

Step 27: CP2 allocates rights of accessing the device to CP1.

In this step, CP2 needs to have special rights such as administratorrights. It is assumed that CP2 has obtained the administrator rights.CP2 sends a right configuration command to device 1. The rightconfiguration command may carry the ID of CP1 and access rightsparameters of CP1. According to the right configuration command sent byCP2, device 1 allocates rights of accessing device 1 to CP1 Afterward,according to the configured access rights, device 1 authenticates thecommand from CP1, and therefore, CP1 can perform control operations fordevice 1 within the scope of access rights configured by CP2.

Every CP in the network in this embodiment may obtain information aboutother CPs. Different CPs as nodes of the network are equal in nature. Aspecific CP may be configured as required to have administrator rights.The CP with administrator rights configures access rights for other CPs.Therefore, it is not necessary to configure a dedicated apparatus formanaging access rights of the CP, the networking complexity is reduced,and the networking flexibility is improved.

In this embodiment, it is assumed that the UPnP network is composed oftwo CPs and one UPnP device. However, it is understandable to thoseskilled in the art that the access rights can be configured for the CPsaccording to the technical solution similar to this embodiment when moreCPs and/or more UPnP devices exist in the network.

FIG. 3 shows signaling interaction of a method for configuring accessrights in the third embodiment of the present invention. The applicationscenario of this embodiment is: The UPnP network includes two UPnPdevices (device 1 and device 2) and two CPs (CP1 and CP2). In steps31-314, CP1 and CP2 do not need to have administrator rights; in step315, CP2 needs to have administrator rights. This embodiment differsfrom the embodiment shown in FIG. 2 in: The CP information written bythe CP to device 1 and/or device 2 includes not merely the IDinformation of the CP in this embodiment, but also ID information ofother CP(s). It is assumed that device 1 and CP1 are started first. Asshown in FIG. 3, the method for configuring access rights in thisembodiment includes the following steps:

Step 31: CP1 discovers started device 1 in the current network through aUPnP discovery mechanism, and obtains the description information ofdevice 1. For details, see step 21 in the embodiment shown in FIG. 2.

Step 32: CP1 obtains the CPID information stored on device 1 accordingto the description document of device 1. For the method of CP1 obtainingthe CPID information stored on device 1, see step 26 in the embodimentshown in FIG. 2.

Step 33: CP1 checks whether the CPID information stored on device 1 isthe same as the CPID information stored on CP1, and adds the CPIDinformation according to the check result. Here is an example:

If the CPID information stored on CP1 is completely or partiallydifferent from the CPID information stored on device 1, CP1 adds thepart of difference between the CPID information on CP1 and the CPIDinformation on device 1 to device 1. For detailed method of adding, seestep 22 in the embodiment shown in FIG. 2.

If the CPID information stored on CP1 is completely the same as the CPIDinformation stored on device 1, CP1 does not add the CPID information todevice 1, thus improving efficiency of communication between the CP anddevice 1.

Step 34: It is assumed that CP2 is started.

Steps 35-37: CP2 discovers device 1 in the current network through aUPnP discovery mechanism, obtains a description document of device 1,and obtains the CPID stored on device 1. CP2 checks whether the CPIDinformation stored on the first UPnP device (device 1) is the same asthe CPID information stored on CP2, and adds the CPID informationaccording to the check result. The detailed implementation mode issimilar to steps 31-33.

Step 38: It is assumed that device 2 is started.

Steps 39-311: CP1 discovers device 2 in the current network through aUPnP discovery mechanism, obtains a description document of device 2,and reads the CPID stored on device 2 according to the descriptiondocument of device 2. CP1 checks whether the CPID information stored ondevice 2 is the same as the CPID information stored on CP1, and writesthe CPID information according to the check result. The detailedimplementation mode is similar to steps 31-33.

Steps 312-314: CP2 discovers device 2 in the current network through aUPnP discovery mechanism, obtains a description document of device 2,and reads the CPID stored on device 2. CP2 checks whether the CPIDinformation stored on the second UPnP device (device 2) is the same asthe CPID information stored on CP2, and adds the CPID informationaccording to the check result. The detailed implementation mode issimilar to steps 31-33.

Step 315: CP2 allocates rights of accessing device 1 to CP1. For themode of configuring and allocating the access rights, see step 27 in theembodiment shown in FIG. 2.

Also, CP2 allocates rights of accessing device 2 to CP1 (not illustratedin FIG. 3).

Every CP in the network in this embodiment may obtain information aboutother CPs. Different CPs as nodes of the network are equal in nature. Aspecific CP may be configured as required to have administrator rights.The CP with administrator rights configures access rights for other CPs.Therefore, it is not necessary to configure a dedicated apparatus formanaging access rights of the CP, the networking complexity is reduced,and the networking flexibility is improved.

In this embodiment, it is assumed that the UPnP network is composed oftwo CPs and two UPnP devices. However, it is understandable to thoseskilled in the art that the CPID information can be obtained and theaccess rights can be configured for the CPs according to the technicalsolution similar to this embodiment when more CPs and/or more UPnPdevices exist in the network.

FIG. 4 shows signaling interaction of a method for configuring accessrights in the fourth embodiment of the present invention. Theapplication scenario of this embodiment is: The UPnP network includestwo UPnP devices (device 1 and device 2) and three CPs (CP1, CP2, andCP3). CP1 and CP2 have no administrator rights; and CP3 hasadministrator rights. It is assumed that device 1 and CP1 are startedfirst. As shown in FIG. 4, the method for configuring access rights inthis embodiment includes the following steps:

Steps 41-46 are similar to steps 21-26 in the embodiment shown in FIG. 2except that neither CP1 nor CP2 has administrator rights in thisembodiment.

Steps 47-48: It is assumed that CP1 logs out, and device 2 is startedafter logout of CP1.

Step 49: CP2 discovers device 2 through a UPnP discovery mechanism, andobtains description information of device 2.

Step 410: CP2 adds the obtained CPID to device 2.

The CPID information added by CP2 to device 2 may include ID of CP1 andID of CP2. The method for adding the CPID is similar to step 22 in theembodiment shown in FIG. 2. After receiving the CPID information fromCP2, device 2 checks whether the CPID information sent by CP2 is thesame as the CPID information obtained by device 2, and stores the partof the CPID sent by CP2 which are not yet stored on device 2 into device2.

Step 411: From device 2, CP3 obtains the CPID information received ondevice 2.

The method of CP3 obtaining CPID information of other CPs from device 2is similar to step 26 in the embodiment shown in FIG. 11 n thisembodiment, device 2 has obtained ID information of at least CP1 and CP2through step 410. Therefore, the CPID list obtained by CP3 from device 2includes IDs of at least CP1 and CP2.

Step 412: CP3 allocates access rights to the CPs in the CPID list.

For example, CP3 allocates rights of accessing device 2 to CP1. In thiscase, CP3 sends a right configuration command to device 2. The rightconfiguration command may carry the ID of CP1 and access rightsparameters of CP1. According to the right configuration command sent byCP3, device 2 allocates rights of accessing device 2 to CP1. Afterward,according to the configured access rights, device 2 authenticates thecommand from CP1, and therefore, CP1 can perform control operations fordevice 2 within the scope of access rights configured by CP3.

In the foregoing technical solution in this embodiment, CP3 may allocaterights of accessing device 2 to CP2, allocate rights of accessing device1 to CP1, and allocate rights of accessing device 1 to CP2. Besides, CP3may obtain the CPID list from device 1, and allocates rights ofaccessing device 1 or device 2 to the CPs in the CPID list (notillustrated in FIG. 4).

In this embodiment, it is assumed that the UPnP network is composed ofthree CPs and two UPnP devices. However, it is understandable to thoseskilled in the art that the access rights can be configured for the CPsaccording to the technical solution similar to this embodiment when moreCPs and/or more UPnP devices exist in the network.

In this embodiment, the CP can add its ID information and the IDinformation of other CPs obtained by this CP to the device, thusshortening the time of obtaining the CPID information in the network,and improving efficiency of communication between the CP and the UPnPdevice. Besides, when multiple UPnP devices exist in the network, the CPwith administrator rights can obtain IDs of other CPs from any UPnPdevice, thus improving flexibility of networking.

FIG. 5 shows a structure of a UPnP device provided in the fifthembodiment of the present invention. As shown in FIG. 5, the deviceprovided in this embodiment includes:

a CPID information receiving module 51, adapted to receive CPIDinformation sent by a first CP without administrator rights, where theCPID information includes an ID of the first CP and/or an ID of anotherCP obtained by the first CP;

a CPID information sending module 52, adapted to send a CPID list thatcarries the CPID information to a second CP with administrator rights;and

a right configuring module 53, adapted to: receive a CP rightconfiguration command sent by the second CP, and configure access rightsfor CPs in the CPID list.

In the foregoing technical solution, the CPID information receivingmodule 51 may further include at least one of the following units:

a first writing unit 511, adapted to: receive a CPID writing commandthat carries the CPID information from the first CP, and store the CPIDinformation; and

a second writing unit 512, adapted to: receive CPID information andinformation about an address information for storing the CPIDinformation from the first CP, and store the CPID information accordingto the address information.

In the foregoing technical solution, the CPID information sending module52 may further include at least one of the following units:

a first reading and sending unit 521, adapted to: receive a CPID readingcommand sent by the second CP, and send the CPID list that comprises theCPID information to the second CP;

a second reading and sending unit 522, adapted to: receive informationabout an address for storing CPID information from the second CP, andsend the CPID list that comprises the CPID information to the second CP,where the CPID list is stored in the position corresponding to theaddress information; and

a third sending unit 523, adapted to send the CPID list that carriesCPID information to the second CP through an event.

On the basis of the foregoing technical solution, the CPID informationsending module 52 may be further adapted to send the CPID list thatcarries the CPID information to the first CP which holds noadministrator rights.

Through this embodiment, it is not necessary to deploy a dedicatedapparatus for configuring and managing rights of accessing the UPnPdevice for CPs in the networking process. Information about all CPs inthe network can be obtained through only two types of apparatuses(namely, CP and UPnP device provided in this embodiment), and any CP inthe network can be configured as having administrator rights toconfigure and manage access rights of other CPs, thus simplifying thenetworking. In practice, the UPnP device may be a home network device ina UPnP network, and the UPnP device interacts with the CP in the UPnPnetwork to configure access rights, as shown in FIG. 1-FIG. 4.

FIG. 6 shows a structure of a CP provided in the sixth embodiment of thepresent invention. As shown in FIG. 6, the CP provided in thisembodiment includes:

a CPID information sending module 61, adapted to send CPID informationto a UPnP device, where the CPID information includes an ID of this CPand/or an ID obtained from another CP;

a CPID information obtaining module 62, adapted to obtain a CPID listthat comprises the CPID information from the UPnP device; and

a CP right configuring module 63, adapted to send a CP rightconfiguration command to the UPnP device, where the command instructsthe UPnP device to configure access rights for CPs in the CPID list.

The CP provided in this embodiment exchanges CPID information with theUPnP device, and configures rights of accessing the UPnP device for thecorresponding CPs according to the obtained CPID information. In thenetwork constructed with the CP in this embodiment, any CP can beconfigured as having administrator rights or not, and therefore, it isnot necessary to set a dedicated apparatus for configuring and managingaccess rights of CPs, thus simplifying the networking and improvingflexibility of the networking. The method of configuring access rightsthrough interaction between the CP and the UPnP device in the network isdescribed in the embodiments shown in FIG. 1-FIG. 4.

FIG. 7 shows a structure of a communication system provided in theseventh embodiment of the present invention. As shown in FIG. 7, thecommunication system provided in this embodiment includes a first CP 71without administrator rights, a second CP 72 with administrator rights,and a UPnP device 73.

The first CP 71 is adapted to send CPID information to the UPnP device73, where the CPID information includes an ID of the first CP and/or IDsof other CPs obtained by the first CP.

The second CP 72 is adapted to: obtain a CPID list that carries the CPIDinformation from the UPnP device 73, and send a CP right configurationcommand to the UPnP device, where the command instructs the UPnP deviceto configure access rights for CPs corresponding to CPIDs in the CPIDlist.

The UPnP device 73 is adapted to: receive the CPID information sent bythe first CP 71, send a CPID list that carries the CPID information tothe second CP 72, and configure access rights for the CPs in the CPIDlist after receiving a CP right configuration command sent by the secondCP 72.

Through this embodiment, it is not necessary to deploy a dedicatedapparatus for configuring and managing rights of accessing the UPnPdevice for CPs in the networking process. Information about all CPs inthe network can be obtained through only two types of apparatuses(namely, CP and UPnP device provided in this embodiment), and any CP inthe network can be configured as having administrator rights toconfigure and manage access rights of other CPs, thus simplifying thenetworking. With respect to detailed implementation mode, the modulesincluded in the first CP and the second CP in this embodiment aredescribed in the embodiment shown in FIG. 6. The modules included in theUPnP device in this embodiment are described in the embodiment shown inFIG. 5, and the method of configuring access rights through interactionwith the CPs in the UPnP network is described in the embodiments shownin FIG. 1-FIG. 4.

It is understandable to those skilled in the art that the accompanyingdrawings are only schematic diagrams of the preferred embodiments, andthe modules or processes in the accompanying drawings are not mandatoryfor implementing the present invention.

It is understandable to those skilled in the art that the modules in anapparatus provided in an embodiment of the present invention may bedistributed into the apparatus described herein, or may be located inone or more apparatuses different from the apparatus described herein.The modules may be combined into one module, or split into multiplesubmodules.

The serial number of the embodiments of the present invention isdesigned to facilitate description only, and does not represent priorityof the embodiments.

Persons of ordinary skilled in the art should understand that all or apart of the steps of the method according to the embodiments of thepresent invention may be implemented by a program instructing relevanthardware. The program may be stored in a computer readable storagemedium. When the program runs, the steps of the method according to theembodiments of the present invention are performed. The storage mediummay be any medium that is capable of storing program codes, such as aROM, a RAM, a magnetic disk, or a CD-ROM.

Finally, it should be noted that the above embodiments are merelyprovided for describing the technical solutions of the presentinvention, but not intended to limit the present invention. It isapparent that persons skilled in the art can make various modificationsand variations to the invention without departing from the spirit andscope of the invention. The present invention is intended to cover themodifications and variations provided that they fall in the scope ofprotection defined by the following claims or their equivalents.

What is claimed is:
 1. A method for configuring access rights,comprising: receiving Control Point Identifier (CPID) information sentby a first Control Point (CP) without administrator rights, wherein theCPID information comprises an identifier (ID) of another CP obtained bythe first CP; communicating a CPID list that comprises the CPIDinformation to a second CP with administrator rights; and receiving a CPright configuration command from the second CP, and configuring accessrights for at least one CP corresponding to a CPID in the CPID list. 2.The method for configuring access rights according to claim 1, wherein:the ID comprises at least one of: a CP public key and a hash value ofthe CP public key.
 3. The method for configuring access rights accordingto claim 1, wherein receiving of the CPID information from the first CPwithout administrator rights comprises: receiving a CPID writing commandthat carries the CPID information from the first CP; and storing theCPID information according to the CPID writing command.
 4. The methodfor configuring access rights according to claim 1, wherein receiving ofthe CPID information from the first CP without administrator rightscomprises: receiving, from the first CP, the CPID information andaddress information that defines an address for storing the CPIDinformation; and storing the CPID information to the address.
 5. Themethod for configuring access rights according to claim 1, whereinsending of the CPID list that comprises the CPID information to thesecond CP with administrator rights comprises: receiving a CPID readingcommand from the second CP; and sending the CPID list that comprises theCPID information to the second CP according to the CPID reading command.6. The method for configuring access rights according to claim 1,wherein sending of the CPID list that comprises the CPID information tothe second CP with administrator rights comprises: receiving addressinformation that defines an address for storing the CPID informationfrom the second CP; and sending the CPID list that comprises the CPIDinformation to the second CP, wherein the CPID list is stored in aposition corresponding to the address defined by the addressinformation.
 7. The method for configuring access rights according toclaim 1, wherein sending of the CPID list that comprises the CPIDinformation to the second CP with administrator rights comprises:sending the CPID list that carries the CPID information to the second CPbased on an occurrence of an event.
 8. The method for configuring accessrights according to claim 3, wherein sending of the CPID list thatcomprises the CPID information to the second CP with administratorrights comprises: receiving a CPID reading command from the second CP;and sending the CPID list that comprises the CPID information to thesecond CP according to the CPID reading command.
 9. A device,comprising: a Control Point Identifier (CPID) information receivingmodule adapted to receive CPID information communicated by a firstControl Point (CP) without administrator rights, wherein the CPIDinformation comprises an identifier (ID) of another CP obtained by thefirst CP; a CPID information sending module adapted to send a CPID listthat comprises the CPID information to a second CP with administratorrights; and a right configuring module adapted to receive a CP rightconfiguration command from the second CP, and configure access rightsfor at least one CP corresponding to a CPID in the CPID list.
 10. Thedevice of claim 9, wherein the CP information receiving module comprisesa first writing unit adapted to receive a CPID writing command thatcarries the CPID information from the first CP, and store the CPIDinformation according to the writing command.
 11. The device of claim 9,wherein the CP information sending module comprises a first reading andsending unit adapted to receive a CPID reading command sent by thesecond CP, and send the CPID list that comprises the CPID information tothe second CP according to the CPID reading command.
 12. The device ofclaim 10, wherein the CP information sending module comprises a firstreading and sending unit adapted to receive a CPID reading command sentby the second CP, and send the CPID list that comprises the CPIDinformation to the second CP according to the CPID reading command. 13.The device of claim 9, wherein the CP information receiving modulecomprises a second writing unit adapted to receive, from the first CP,the CPID information and address information that defines an address forstoring the CPID information, and store the CPID information to theaddress.
 14. The device of claim 9, wherein the CP information sendingmodule comprises a second reading and sending unit adapted to receiveinformation about an address for storing the CPID information from thesecond CP, and send the CPID list that carries the CPID information tothe second CP, wherein the CPID list is stored in a positioncorresponding to the address information.
 15. The device of claim 9,wherein the CP information sending module comprises a third sending unitadapted to send the CPID list that carries the CPID information to thesecond CP through an event.
 16. The device of claim 10, wherein the CPinformation sending module comprises a second reading and sending unitadapted to receive information about an address for storing the CPIDinformation from the second CP, and send the CPID list that carries theCPID information to the second CP, wherein the CPID list is stored in aposition corresponding to the address information.
 17. The device ofclaim 10, wherein the CP information sending module comprises a thirdsending unit adapted to send the CPID list that carries the CPIDinformation to the second CP according to occurring of an event
 18. AControl Point (CP), comprising: a Control Point Identifier (CPID)information obtaining module adapted to obtain a CPID list thatcomprises CPID information from a first device; and a CPID informationsending module adapted to send the CPID information to a second device,wherein the CPID information comprises an ID of another CP.
 19. Acommunication system, comprising: a first CP without administratorrights adapted to send Control Point Identifier (CPID) information,wherein the CPID information comprises an identifier (ID) of another CPobtained by the first CP; a device adapted to receive the CPIDinformation from the first CP, communicate a CPID list that carries theCPID information, and configure access rights for one or more CPsspecified in the CPID list according to a CP right configurationcommand; and a second CP with administrator rights adapted to obtain theCPID list that comprises the CPID information from the device, andcommunicate the CP right configuration command to the device, whereinthe command instructs the device to configure access rights for the oneor more CPs corresponding to CPIDs in the CPID list.